An entity that seeks to be a patient safety organization shall submit an initial certification to the Secretary that the entity—

(A)has policies and procedures in place to perform each of the patient safety activities described in section
299b–21(5) of this title; and

(B)upon being listed under subsection (d) of this section, will comply with the criteria described in subsection (b) of this section.

(2) Subsequent certifications

An entity that is a patient safety organization shall submit every 3 years after the date of its initial listing under subsection (d) of this section a subsequent certification to the Secretary that the entity—

(A)is performing each of the patient safety activities described in section
299b–21(5) of this title; and

(B)is complying with the criteria described in subsection (b) of this section.

(b) Criteria

(1) In general

The following are criteria for the initial and subsequent certification of an entity as a patient safety organization:

(A)The mission and primary activity of the entity are to conduct activities that are to improve patient safety and the quality of health care delivery.

(C)The entity, within each 24-month period that begins after the date of the initial listing under subsection (d) of this section, has bona fide contracts, each of a reasonable period of time, with more than 1 provider for the purpose of receiving and reviewing patient safety work product.

(D)The entity is not, and is not a component of, a health insurance issuer (as defined in section
300gg–91(b)(2) of this title).

(E)The entity shall fully disclose—

(i)any financial, reporting, or contractual relationship between the entity and any provider that contracts with the entity; and

(ii)if applicable, the fact that the entity is not managed, controlled, and operated independently from any provider that contracts with the entity.

(F)To the extent practical and appropriate, the entity collects patient safety work product from providers in a standardized manner that permits valid comparisons of similar cases among similar providers.

(G)The utilization of patient safety work product for the purpose of providing direct feedback and assistance to providers to effectively minimize patient risk.

(2) Additional criteria for component organizations

If an entity that seeks to be a patient safety organization is a component of another organization, the following are additional criteria for the initial and subsequent certification of the entity as a patient safety organization:

(A)The entity maintains patient safety work product separately from the rest of the organization, and establishes appropriate security measures to maintain the confidentiality of the patient safety work product.

(B)The entity does not make an unauthorized disclosure under this part of patient safety work product to the rest of the organization in breach of confidentiality.

(C)The mission of the entity does not create a conflict of interest with the rest of the organization.

(c) Review of certification

(1) In general

(A) Initial certification

Upon the submission by an entity of an initial certification under subsection (a)(1) of this section, the Secretary shall determine if the certification meets the requirements of subparagraphs (A) and (B) of such subsection.

(B) Subsequent certification

Upon the submission by an entity of a subsequent certification under subsection (a)(2) of this section, the Secretary shall review the certification with respect to requirements of subparagraphs (A) and (B) of such subsection.

(2) Notice of acceptance or non-acceptance

If the Secretary determines that—

(A)an entity’s initial certification meets requirements referred to in paragraph (1)(A), the Secretary shall notify the entity of the acceptance of such certification; or

(B)an entity’s initial certification does not meet such requirements, the Secretary shall notify the entity that such certification is not accepted and the reasons therefor.

(3) Disclosures regarding relationship to providers

The Secretary shall consider any disclosures under subsection (b)(1)(E) of this section by an entity and shall make public findings on whether the entity can fairly and accurately perform the patient safety activities of a patient safety organization. The Secretary shall take those findings into consideration in determining whether to accept the entity’s initial certification and any subsequent certification submitted under subsection (a) of this section and, based on those findings, may deny, condition, or revoke acceptance of the entity’s certification.

(d) Listing

The Secretary shall compile and maintain a listing of entities with respect to which there is an acceptance of a certification pursuant to subsection (c)(2)(A) of this section that has not been revoked under subsection (e) of this section or voluntarily relinquished.

(e) Revocation of acceptance of certification

(1) In general

If, after notice of deficiency, an opportunity for a hearing, and a reasonable opportunity for correction, the Secretary determines that a patient safety organization does not meet the certification requirements under subsection (a)(2) of this section, including subparagraphs (A) and (B) of such subsection, the Secretary shall revoke the Secretary’s acceptance of the certification of such organization.

(2) Supplying confirmation of notification to providers

Within 15 days of a revocation under paragraph (1), a patient safety organization shall submit to the Secretary a confirmation that the organization has taken all reasonable actions to notify each provider whose patient safety work product is collected or analyzed by the organization of such revocation.

(3) Publication of decision

If the Secretary revokes the certification of an organization under paragraph (1), the Secretary shall—

(A)remove the organization from the listing maintained under subsection (d) of this section; and

(B)publish notice of the revocation in the Federal Register.

(f) Status of data after removal from listing

(1) New data

With respect to the privilege and confidentiality protections described in section
299b–22 of this title, data submitted to an entity within 30 days after the entity is removed from the listing under subsection (e)(3)(A) of this section shall have the same status as data submitted while the entity was still listed.

(2) Protection to continue to apply

If the privilege and confidentiality protections described in section
299b–22 of this title applied to patient safety work product while an entity was listed, or to data described in paragraph (1), such protections shall continue to apply to such work product or data after the entity is removed from the listing under subsection (e)(3)(A) of this section.

(g) Disposition of work product and data

If the Secretary removes a patient safety organization from the listing as provided for in subsection (e)(3)(A) of this section, with respect to the patient safety work product or data described in subsection (f)(1) of this section that the patient safety organization received from another entity, such former patient safety organization shall—

(1)with the approval of the other entity and a patient safety organization, transfer such work product or data to such patient safety organization;

(2)return such work product or data to the entity that submitted the work product or data; or

(3)if returning such work product or data to such entity is not practicable, destroy such work product or data.